Galaxy can do some these and maybe not others. This is a really big topic, and I hope you let us all know how progress on this goes - it is a really interesting use case. I can comment a little on each part of this, but they are all connected and there are different ways to approach each of these things. On Tue, Jan 14, 2014 at 12:03 PM, Fernandez Edgar <edgar.fernandez@umontreal.ca> wrote:
Hello galaxy team,
First and foremost, I would like to thank you for your assistance with my galaxy installation with apache proxy.
It works very well.
Secondly, I would like your help with creating users, groups, roles and permissions that would allow me to:
1. differentiate a student from a teacher
Are you creating these accounts inside of Galaxy or using an external authentication method? Because if your are creating these accounts yourself - I would suggest using naming scheme to distinguish these: std_cls_lastname teach_cls_lastname Another idea to consider is to make all teachers admins. This provides a lot of extra functionality that can cover some additional requirements below and can serve as the basis for differentiating.
2. differentiate a student in course A or in course B
You could use a naming scheme, or your could create a group and role for each course. It looks like there is an API for managing groups and roles. This can help automate some of this - it would be very laborious to do this through the UI I imagine.
3. teachers having read access to students’ work
This one is why I would give the teachers admin access - I think they could impersonate the students to access their work (set allow_user_impersonation = True in universe_wsgi.ini). It would mean that every teacher would have full access to every students work - if this is a problem you might want to consider standing up a Galaxy instance per class - there is some up front overhead with this - but it would make cleaning things up really easy. If these aren't realistic solutions, I think producing course documentation describing for students how to manually share their work with teachers is probably the best bet. Any user can share a history with any other user or produce links and e-mail these to the teacher.
4. teachers sharing with students
I would look at having the teachers setup pages for individual courses or lesson plans. These can be made public and students would be able to import histories, datasets, and workflows right in from these. If more targeted sharing is needed again I think the best bet right now might just use Galaxy's history sharing capabilities.
Right now, I just have created users. There is no group or roles or permissions or datasets.
On another note, how can I disable the account of one specific user or a whole group ?
To enable this functionality for individual users and groups in the UI you need to set allow_user_deletion to True in universe_wsgi.ini. I don't think deleting a group will delete all the users in it though. This can be automated either by extending the API to support deleting users and then writing a script to iterate over a group and delete all the users or by writing a script that talks to the database directly or using scripts/db_shell.py (which provides an external script access to the Galaxy's data connection and model classes). Hope this helps, -John
Cordialement / Regards,
Edgar Fernandez
System Administrator (Linux)
Direction Générale des Technologies de l'Information et de la Communication
( Bur. : 1-514-343-6111 poste 16568
Université de Montréal
PAVILLON ROGER-GAUDRY, bureau X-218
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/